CLOUDP-317911 Add pprof integration in operator

[MaciejKaras]

Summary

pprof can be configured by two new environment variables:

• MDB_OPERATOR_PPROF_ENABLED - together with OPERATOR_ENV controls enabling of pprof server. Basically the rule for enabling pprof is defined in IsPprofEnabled function:

  mongodb-kubernetes/pkg/pprof/pprof.go

  Lines 66 to 70 in 94fc9ea

  	// IsPprofEnabled checks if pprof is enabled based on the PPROF_ENABLED
  	// and OPERATOR_ENV environment variables. It returns true if:
  	// - PPROF_ENABLED is set to true
  	// - OPERATOR_ENV is set to dev or local and PPROF_ENABLED is not set
  	// Otherwise, it returns false.

• MDB_OPERATOR_PPROF_PORT - by default it is set to 10081

It's more than _ "net/http/pprof" one liner for a couple of reasons:

• having the possibility to enable pprof for the production environment is necessary for debugging memory issues and it does not add much overhead either https://stackoverflow.com/a/64057856. Previously it was only enabled for dev and local
• exposing by default pprof server in production is a no-go in many organisations due to sensitive information exposed or just exposing some port is enough to alert security staff https://cwe.mitre.org/data/definitions/200.html
  standard way of starting pprof by is discouraged for lack of configurability and security issues
  • G114: Use of net/http serve function that has no support for setting timeouts (gosec)
  • G108: Profiling endpoint is automatically exposed on /debug/pprof (gosec)

import _ "net/http/pprof"

[...]
  go func() {
    log.Println(http.ListenAndServe("localhost:10081", nil))
  }()

Proof of Work

pprof debug page is available at default localhost:10081 port

Added unit tests that verify IsPprofEnabled function. Shutdown is also working:

2025-05-09T16:32:56.750+0200	INFO	pprof/pprof.go:57	Stopping pprof server
2025-05-09T16:32:56.750+0200	INFO	controller/controller.go:235	Shutdown signal received, waiting for all workers to finish	{"controller": "mongodbuser-controller"}
2025-05-09T16:32:56.750+0200	INFO	controller/controller.go:237	All workers finished	{"controller": "mongodbmulticluster-controller"}
2025-05-09T16:32:56.750+0200	INFO	controller/controller.go:237	All workers finished	{"controller": "mongodbreplicaset-controller"}
2025-05-09T16:32:56.750+0200	INFO	controller/controller.go:237	All workers finished	{"controller": "mongodbstandalone-controller"}
2025-05-09T16:32:56.750+0200	INFO	controller/controller.go:237	All workers finished	{"controller": "mongodbuser-controller"}
2025-05-09T16:32:56.750+0200	INFO	controller/controller.go:237	All workers finished	{"controller": "opsmanager-controller"}
2025-05-09T16:32:56.750+0200	INFO	controller/controller.go:237	All workers finished	{"controller": "mongodbshardedcluster-controller"}
2025-05-09T16:32:56.750+0200	INFO	manager/internal.go:537	Stopping and waiting for caches
2025-05-09T16:32:56.750+0200	INFO	pprof/pprof.go:52	pprof server stopped

Checklist

• Have you linked a jira ticket and/or is the ticket in the title?
• Have you checked whether your jira ticket required DOCSP changes?
• Have you checked for release_note changes?

Reminder (Please remove this when merging)

• Please try to Approve or Reject Changes the PR, keep PRs in review as short as possible
• Our Short Guide for PRs: Link
• Remember the following Communication Standards - use comment prefixes for clarity:
  • blocking: Must be addressed before approval.
  • follow-up: Can be addressed in a later PR or ticket.
  • q: Clarifying question.
  • nit: Non-blocking suggestions.
  • note: Side-note, non-actionable. Example: Praise
  • --> no prefix is considered a question

[lsierant]

Consider one comment, but other than that it's awesome. LGTM!